User accounts and their use are focused in the manual.
To create a new account, click on under Accounts → Users.
If you dispose of templates created by the administrator, select an appropriate template in the Use template menu. If no templates have been created yet, a basic form is opened in the Add user page displayed first:
This name will be used for login to the user's mailbox and it will be also used as the basic part of the email address. This implies that it is not possible to create two or more users with identical login names. Login name is used as a unique ID of the user and their email account for Kerio Connect.
Example: User John Gentle gets username jgentle and his basic email address in domain company.com will have this form: jgentle@company.com. To connect to the Kerio WebMail interface, the user will use the login name jgentle@company.com.
As login name is a unique identificator of the account, it is not easy to change it (contrary to all the other items).
Diacritics as well as other special symbols and blanks are disallowed in login names. If any of forbidden symbols is included, the name is not saved.
Use this entry to specify the first and the second name of the user. This item is not obligatory as the user is already well distinguished by the unique login name in the system. However, it is highly recommended to specify these items; otherwise, the user and their address cannot be published in the public contact folder. New users are added to the public contact folder immediately upon creation of the account. This implies that other users can immediately access the new contact in the folder.
This entry is optional. We recommend you to specify the new user's position within the company or at least their department to make the information clear for later reference.
User authentication type. This information will be provided by your ISP or the Kerio Connect administrator.
Enter a password for this user and confirm it by typing it once again in the Confirm Password entry. This password will be used for connection of the user to Kerio Connect.
It is recommended to command the user to change their password in the Kerio WebMail interface immediately upon the account creation. For guidelines for password change, refer to user's guide.
By unchecking this option, you can temporarily disable the account without deleting it.
Upon creating a new user account, check this option to set the antispam rule. All incoming emails marked as spam will be automatically moved to the Junk E-mail folder.
If you do not check the rule now, users can create it later in incoming mail rules (creation of rules is focused in the user's guide).
The user's full name and address will be published in the default public Contacts folder which is used as an internal source of company contacts (full names and email addresses). The contact is added to the public folder only if Full Name is specified.
If users are mapped from Active Directory or Apple Open Directory, the entire LDAP database is synchronized every hour automatically. If you do not wish to synchronize a user to public contacts, uncheck this option.
This option allows use of secure asymmetric encryption algorithm (SHA). This option has one disadvantage — some methods of Kerio Connect access authentication (APOP, CRAM-MD5 and Digest-MD5) cannot be applied. If this option is enabled, it is necessary to change the user password. This can be done either by administrator or the user (e.g. by Kerio WebMail).
Once the first page of the wizard is completed, the new user can be saved. Other settings can be done later, if necessary.
On the E-mail addresses tab you can define alternative email addresses for the particular user. The part that follows the at symbol is kept, while the preceding part can be changed.
Example: John Gentle's main address is jgentle@company.com. Upon clicking on , alternative addresses such as for example John.Gentle@company.com or gentle@company.com can be defined. This feature can be helpful especially if the name is uneasy to be written and it can be easily misspelled. Mr Bigsting can have addresses bigsting@company.com, bixting@company.com, bigstink@company.com, bixtink@company.com, bigstin@company.com and bixtin@company.com which will ensure that even if his name is misspelled, he gets his email.
The Forwarding tab allows forwarding of received email to another mailbox. If this has been requested by the user, simply add the additional email address in the dialog. Then set whether the forwarded email will be also stored in the particular mailbox in Kerio Connect (the original recipient's address).
On the Groups tab, you can add the user to existing user groups (to learn more about groups and their use, read section Groups). You can add the users to any groups.
On the Rights tab, it is possible to add rights for the domain administration, i.e. to assign any user the same rights as you have. User with these rights can login to the web administration and add users, groups and manage resources.
The user will not be granted any administration rights
The user will be granted administration rights for user accounts, groups, aliases, mailing lists and resource in the domain their account belongs to. For more information, see the manual.
The user will be granted access rights to all accounts on the server without being allowed to edit them.
The user will be granted administration access rights to all accounts created in Kerio Connect
The Quota tab allows to set quota for the user mailbox. The user quota prevents cluttering of the server disk. If either of the limits is reached, any new messages will be refused by the server.
If the quota is exceeded, the user will be notified by email and advised to delete some of the messages in the mailbox.
The maximum space for a mailbox. For greater ease in entering values you can choose between kilobytes (KB), megabytes (MB) or gigabytes (GB). If you are not sure about the quota's value, set it between 2 and 10 MB or ask your Kerio Connect administrator for help (the administrator knows total size of the disk available).
The maximum number of messages in the mailbox. Messages that exceed this number will be refused by the mailserver.
The Advanced Settings tab allows setting of the following options:
This option narrows communication to local level only. This can be useful for internal communication settings in many companies. Users will not be able to send or receive emails to any other domain or to the Internet.
If you are not sure why this option should be checked, leave it disabled. This option restricts sending of email out of the company and it is helpful only if you need to keep extremely strict communication rules across the company.
Use this option to set the size limit for outgoing messages. By setting the size limit, you can prevent the internet connection from being overloaded by emails with large attachments (movies, music, pictures).
If the limit is set to 0, Kerio Connect behaves the same way as if no limit was set.
If you are not sure which is an optimal value for the limit, set it for 20 MB.
The message size limit can be set by your provider in Kerio Connect for a whole domain. After both limits are set, the following can occur:
If the message size limit for a user is higher than the one for the domain, the domain limit will apply.
If the message size limit for a user is lower than the one for the domain, the user limit will apply.
Kerio Connect includes an option of setting a special rule for automatic deletion of all items older than a defined number of days (for a mailbox, or for an entire domain in domain settings). This rule applies to the Junk E-Mail and Deleted Items folders. For detailed information on this setting, refer to the manual.
Any items of a user account can be changed easily, apart from the login name. To change settings, click on the button in the lower part of section Accounts.
The button opens a dialog with various tabs where particular settings can be changed. If not sure about any option, read their descriptions in Users.
Click the to delete a user account. With the original user account in Kerio Connect, the following actions can be performed for the addressed mailbox:
This option is useful especially when another user needs to work with messages, events and tasks from this folder actively.
The entire folder will be moved as a subfolder of the selected account's root folder. The folder name will follow this pattern: Deleted mailbox — user_name@domain. This folder will include all original folders and items of the deleted mailbox.
The folder will be kept in the store directory.
This option can be used when the user folder does not contain any (or any important) messages, events, tasks, etc.
The following accounts cannot be deleted:
your own account,
users with full rights for Kerio Connect,
user accounts mapped from a directory service.
To view user statistics, click on .
Statistics tracks activity from when Kerio Connect started to be used. Data of each user are saved in the stats.usr file in the user's home directory in the Kerio Connect store.
The user statistics can be exported in two formats: XML and CSV (the comma-separated values). The export button is located under the statistics.
Users can connect to Kerio Connect from various mobile devices (PDAs or so called “smart” phones). Support for mobile devices in Kerio Connect is allowed thanks to support for ActiveSync (for more information on this protocol, see the manual).
Tools for administration of mobile devices can be found under :
— removes selected devices from the list. This option is used especially if the user has already stopped using the device.
— allows remote wipe out of user data from the device.
— refreshes information on status of connected devices.
— view details on a selected device.
The first line shows the device item and the type of the system used on it.
ActiveSync version.
Serial number of the device.
The date when the user specified server info in ActiveSync and established the first connection.
Date and time of the last synchronization.
Synchronization status. This item provides synchronization status information, i.e. whether the process was completed successfully, if any problems arose, etc.
IP address assigned to the device's network adapter.
Another section of the window provides list of all folders included in sychronization. Older device types usually support only synchronization of email, calendars and contacts, whereas newer devices support also synchronization of tasks.
Below the pane where folders are overviewed, an information addressing solution of synchronization collisions is provided. A collision is detected if the same data items are changed both on the server and on the device.
Server wins — if there is a collision, data saved on the server overwrite the data stored in the device.
Client wins — if there is a collision, data saved on the device overwrite the data stored on the server.
Import can be launched by the button:
Use the option to select a source from which users will be imported.
The name of the domain users will be imported from (the format is as in DNS domain — e.g. domain.com)
Applicable only for Active Directory. Name of the server where the Active Directory service for the particular domain is running.
If a special port is specified for the LDAP(S) service, the port number can be added to the server name (e.g.: mail1.company.com:12345).
Applicable only for Active Directory. Username and password of a user who owns an account in this domain. Write access rights are not required for saving and changing settings.
Applicable only for Active Directory. This item is available upon clicking on . This option allows to modify the request for LDAP server users will be imported from. It is recommended that only experienced programmers use this option. For details about the query syntax, see the instruction manual to your LDAP server.
Within the import of user accounts from the LDAP database with Kerio Connect, sensitive data may be transmitted (such as user passwords). It is possible to secure the communication by using an SSL encryption.
Import can be launched by the button:
Use the option to select a source from which users will be imported.
Name of the NDS organization from which users are supposed to be imported.
Name or IP address of the server where the service for the particular domain is running.
If a special port is specified for the LDAP(S) service, the port number can be added to the server name (e.g.: mail1.company.com:12345). Mac OS X is the only system which includes the Secure connection (LDAPS) option.
Username and password of a user who owns an account in this domain. Write access rights are not required for saving and changing settings.
This item is available upon clicking on . This option allows to modify the request for LDAP server users will be imported from. It is recommended that only experienced programmers use this option. For details about the query syntax, see the instruction manual to your LDAP server.
Within the import of user accounts from the LDAP database with Kerio Connect, sensitive data may be transmitted (such as user passwords). It is possible to secure the communication by using an SSL encryption.
There is an option to import user accounts from CSV files. Data in the file must follow certain rules. For details on how to create a CSV file with user accounts, refer to the manual.
If you already have the CSV file ready, under click on :
Enter a CSV file path.
Once the file has been uploaded, the User import dialog with users specified in the CSV file is opened. Select users to be imported and, if useful, choose a template to be applied which would define what information would be set for all future accounts (see section User Templates).